All About PCI Compliance Requirements

August 16, 2011 | Author: | Posted in Computers and Technology

The Payment Card Industry Data Security Standard is a set of compliance regulations that has been adopted by various financial institutions. PCI DSS 2.0 governs companies that store or manage customer-identifiable data, such as bank account numbers, credit card numbers and Social Security numbers.

PCI Compliance Requirements Divided Into 12 Sets

The Payment Card Industry Data Security Standard is divided into 12 PCI Compliance Requirements. Together they cover every aspect of data security that can be thought of. PA DSS Compliance addresses the company's anti-virus policies, password policies and software development lifecycle, as well as encryption, segregation and configuration.

Building And Maintaining A Secured Network

The first two PA DSS Compliance requirements deal with the company's firewall configuration and with changing vendor defaults. This includes the default passwords of the different software products a company uses.

Protection Of The Cardholders’ Data

The next two PCI Compliance Requirements of the Payment Card Industry Standard deal with encrypting data both while it is transmitted and while it is stored. Auditors from PCI itself scrutinize these critical PA DSS Compliance requirements of PCI DSS 2.0, so you need to maintain a good encryption policy to pass the requirements of the Payment Card Industry Data Security Standard.

Program To Manage Vulnerability

Another two PA DSS Compliance requirements deal with software development and anti-virus maintenance. The former is a very important and large section of the PCI DSS 2.0 audit, which is why you need a documented software development lifecycle. The latter calls for a concise anti-virus policy, one that can also meet the Security Policy of requirement 12.

Implementation Of Strong Measures To Control Access

PA DSS Compliance requirements seven to nine deal with limiting access to cardholders' data to a few people on a need-to-know basis. The Payment Card Industry Standard ensures that a unique identifier is assigned to each person who wants to access any customer's data. It also restricts physical access to the data center. Some organizations assign a PCI compliant hosting provider to store their customers' data for them.

Monitoring And Testing Of Networks On A Regular Basis

PCI Compliance Requirements 10 and 11 deal with logging access to the network and to cardholders' data. These two requirements make sure that all processes and systems are tested according to schedule.

The Maintenance Of A Strong Information Security Policy

The 12th and last requirement of Payment Card Industry Standard compliance is the security policy. It must also uphold the other 11 requirements. It requires producing and submitting the largest single piece of documentation before the Payment Card Industry Data Security Standard can be met. Hence, it is important to hire a technical writer who can meet the standard of the PCI DSS 2.0 requirements in this regard.

Mike is writing about PCI DSS 2.0 and Payment Card Industry Data Security Standard available at


Comments (1)

  1. If you are concerned about not being compliant with the new PCI Compliance standards, please call and we will be glad to help.

    Please call Monday through Friday between 8:00am and 5:00pm, Central Time Zone.

    Patrick Benadum
    (512) 495-9990
